SOLICITATION NOTICE
D -- Activeworx Enterprise System Information Event Management software and support maintenance
- Notice Date
- 9/15/2009
- Notice Type
- Presolicitation
- Contracting Office
- 55 Broadway; Cambridge, MA 02142
- ZIP Code
- 02142
- Solicitation Number
- DTRT57-09-Q-80107
- Response Due
- 9/28/2009
- Archive Date
- 12/27/2009
- Point of Contact
- Point of Contact - Karen Marino, Contracting Officer, 617-494-2437
- E-Mail Address
- Contracting Officer (marinok@volpe.dot.gov)
- Small Business Set-Aside
- N/A
- Description
- This is a non-competitive combined synopsis/solicitation for commercial items prepared in accordance with the format in Federal Acquisition Regulation (FAR) Subpart 12.6, as supplemented with additional information included in this notice. Solicitation No. DTRT57-09-Q-80107 is issued as a Request for Quotation (RFQ). This solicitation is being conducted under Simplified Acquisition Procedures (SAP), FAR Part 13.5 and FAR Part 12. This solicitation document and incorporated provisions are those in effect through Federal Acquisition Circular 2005-36. The NAICS Code is 423430 and the Small Business size standard is 100 employees. This announcement constitutes the only solicitation. A written solicitation will not be issued. The Government intends to award a Firm Fixed-Price Order on a non-competitive basis with Tripwire, Inc., Portland, Oregon.

The Volpe National Transportation Systems Center (Volpe Center) has a requirement to purchase a Security Information and Event Management (SIEM) solution to collect, manage and analyze its network infrastructure system logs, server event logs, Intrusion Detection System (IDS) alerts, and vulnerability scan data, in accordance with the Statement of Work (SOW) below.

Statement of Work (SOW) - (BEGIN)

BACKGROUND: U.S. DOT/RITA/Volpe National Transportation Systems Center (Volpe Center) requires a Security Information and Event Management (SIEM) solution to collect, manage, and analyze its network infrastructure system logs, server event logs, Intrusion Detection System (IDS) alerts, and vulnerability scan data. A SIEM solution will give the Volpe Center the ability to correlate this data and provide a comprehensive view of events on our network infrastructure, which will greatly enhance the Volpe Center's capability to respond to current and future threats and provide required auditing capabilities. It must be capable of collecting and correlating logs from Volpe's network and computer systems infrastructure.
It also must have the ability to generate reports and send timely electronic alerts to notify Volpe personnel of threats to the IT infrastructure.

SCOPE: The Volpe Center has a requirement for a Security Information and Event Management (SIEM) solution to support the collection and correlation of logs from devices including, but not limited to, firewalls, intrusion detection and prevention systems, vulnerability assessment tools, operating system logs, application logs, virtual private networks, and all other critical assets in the IT infrastructure. The collected logs need to be managed and retained in accordance with the Federal Information Security Management Act (FISMA) of 2002.

OBJECTIVES: The Activeworx Enterprise (AE) solution must collect and correlate logs from critical assets in the Volpe Center's IT infrastructure. AE must allow for logs to be kept for long-term, auditable proof of compliance. AE must be scalable and built on a flexible and extensible platform allowing for future growth and changes to integration requirements. AE must give us the functionality for real time monitoring, historical, trend and ad-hoc reporting. AE must collect and correlate logs from the following products: Symantec Antivirus Corporate Edition, Microsoft Active Directory, Microsoft Windows Operating Systems, Snort, Cisco Secure IDS, Microsoft Exchange, Cisco Works, Nagios, Cisco Router, Cisco Catalyst, Juniper Secure Socket Layer (SSL) Virtual Private Network (VPN). Provide business-level reports for compliance status, business risk, and user profiling. Provide automated report scheduling and distribution. It must contain a report authoring system. AE must have the functionality of automated filtering of reports to provide multiple focal levels to address enterprise reporting needs. The business context reports must be able to apprise management personnel of security status across the enterprise.
Provide risk relevant notification levels to ensure that critical threats are addressed in real time to limit exposure to attacks, the loss of data, and to ensure system integrity. Alert members of the Volpe security team via email. Retain pertinent event data enabling the Volpe Center to identify long-term trends, investigate attack patterns, and comply with Department of Transportation policy requirements. AE must have an event log archiving and retrieval management system capable of compressing archival log data by 90 percent to manage volumes of log storage.

SPECIFICATIONS:

SYSTEM REQUIREMENTS: The Vendor shall ensure AE can meet the following requirements:
  - Onsite consultation consisting of 16 hours for AE install and configuration tasks.
  - Onsite install the AE product on a Windows 2008 Server provided by the Volpe Center.
  - Perform configuration tasks for the MySQL database maintenance, email alerting, and Intrusion Detection Policy Manager suitable to the Volpe Center's environment.
  - Test that the correlation, alerting and scheduling engines are operational.
  - Provide design and deployment advice above and beyond basic installation services as required by the Volpe Center's unique environment if applicable and as time permits.

AE must:
  - Perform raw, flat file collection and storage of all events generated by any compatible computer or device on our network.
  - Store events of interest taken from Activeworx Log Center in a MySQL database to provide a real time perspective.
  - Provide built in, readymade, FISMA compliance reports.
  - Provide rules-based alerting through email and Syslog protocols.
  - Create correlation rules with flow-chart based rule creator.
  - Provide correlation engine that analyzes threat data to create real-time alerts.
  - Provide user management system that allows for granular management of permissions to data and configuration areas.
  - Provide user management system that allows authentication via Active Directory, Radius, or a local user account.
  - Provide user management system that tracks user changes and user activities.
  - Create customizable interactive event dashboards that have the ability to display charts, graphs, top 10 lists, and maps representing event data.

Event Archival: Activeworx Log Center must:
  - Retain pertinent event data enabling the Volpe Center to identify long-term trends, investigate attack patterns, and comply with DOT policy requirements.
  - Have archiving and retrieval management system capable of compressing archival data by 90 percent to manage volumes of log storage.
  - Use raw, flat-file collection and storage for all event log data.

Event and Vulnerability Correlation: AE must:
  - Correlate security log data with vulnerability scan data to automate the process of identifying potentially compromised systems.
  - Correlate computer systems event log data to pinpoint unauthorized activity on the system.
  - Correlate Snort and Cisco IDS alerts with Juniper firewall logs to automate the identification of malicious or unauthorized network traffic.

System Compatibility: The AE must collect logs from the following products:
  - Symantec Antivirus Corporate Edition
  - Microsoft Active Directory
  - Microsoft Windows Operating Systems
  - Snort IDS
  - Cisco Secure IDS
  - Microsoft Exchange
  - Cisco Works
  - Nagios
  - Cisco Router
  - Cisco Catalyst
  - Juniper Secure Socket Layer (SSL) Virtual Private Network (VPN)
  - Juniper SRX3400 Firewall

SNORT IDS Policy Manager: AE must:
  - Integrate with a SNORT IDS policy manager that allows editing of SNORT rule and configuration files on multiple SNORT sensors through a centralized graphical interface.
  - Merge new SNORT IDS rule sets on multiple SNORT IDS sensors through a centralized graphical interface.
  - Manage SNORT IDS preprocessors and control output modules on multiple SNORT IDS sensors through a centralized graphical interface.

Alerting: AE must:
  - Provide risk relevant notifications via Exchange email, and/or syslog.
  - Provide group or individual notifications based on correlation rules.
  - Enable or disable alerts based on time of day.

Event Relationship Diagrams: AE must:
  - Graphically display the relationship between events.
  - Color code events to highlight different event characteristics.
  - Perform different types of layouts to change the way in which events are being displayed.
  - Drill down into events to gather more details.
  - Replay events in the order in which they occurred.

Reporting: AE must:
  - Generate clear and concise graphical reports focused on high level management review.
  - Generate detailed reports for system analysts and administrators.
  - Create customized ad-hoc reports as needed.

Ticketing System: AE must:
  - Automatically generate a ticket from the correlation engine.
  - Prevent multiple people from working on the same ticket.
  - Customize ticket panels to view ticket status.

Training:
  - Provide up to eight (8) hours product training via remote internet based training for up to five (5) individuals in a group setting.

PERIOD OF PERFORMANCE: The period of performance is for 12 months from date of award. The software maintenance renewal will be requested on an annual basis.

Certification and Accreditation: Service must have at least one Federal Agency with an Authority to Operate (ATO) against NIST IT Security Guidelines SP 800.53 and FIPS 199. Vendor must submit a copy of the ATO with their response.

STATEMENT OF WORK (SOW) - (END)

Proposal Pricing: The Contractor shall provide pricing on the following item:
  - CLIN 0001 ActiveWorx Enterprise Software, the license includes: 3 Desktop Licenses (Console Licenses), 3 Collector Licenses (Syslog, Cisco), 1 Scheduling Engine (Report Scheduling), 1 Correlation Engine, 1 Audit Logger, 1 Audit Logger Extension, 10 Event Databases (IDS Logs, Vulnerabilities), 1 Installation and Training WebEx, product code AW-AE, Quantity: 1, Unit Price $__________, Total Price $___________;
  - CLIN 0002 CrossCARE Annual system maintenance, product code CC-R, Quantity: 1, Unit Price $________________ Total Price $_______________.
Please provide a total price for CLINs 0001 and 0002.

Instructions to Offerors: The signed offer must be submitted electronically via e-mail to Karen.Marino@dot.gov no later than 2:00 P.M. EST on September 28, 2009. The offer should be addressed to the following: U.S. Department of Transportation, Volpe National Transportation Systems Center, Attn: Karen Marino, RVP-32, 55 Broadway, Cambridge, MA 02142.

FAR 52.212-1, Instruction of Offerors-Commercial Items is hereby incorporated by reference. All Offerors must include a completed copy of the provision at FAR 52.212-3, Offeror Representations and Certifications-Commercial Items. The Offeror is reminded that as of January 1, 2005, it must provide Certifications and Representations online at least annually via ORCA at the following website: http://orca.bpn.gov. FAR Clause 52.212-4, Contract Terms and Conditions-Commercial Items, is hereby incorporated by reference. FAR Clause 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders-Commercial Items is hereby incorporated by reference. Additional clauses cited in 52.212-5 that apply to this acquisition are: 52.203-6, 52.214-35, 52.222-3, 52.222-21, 52.222-26, 52.222-35, 52.222-36, 52.222-37, 52.223-16, 52.225-13, 52.232-33, 52.232-34, and 52.222-41. These references may be viewed at www.arnet.gov.

No telephone requests will be honored. When award is made, a firm fixed-price purchase order is anticipated. The Government will not pay for any information received.

The following notice is provided for informational purposes for Minority, Women-Owned and Disadvantaged Business Enterprises. ATTENTION: Small and Disadvantaged (SDB), Women-Owned, and Disadvantaged Business Enterprises (DBEs). The Department of Transportation's (DOT) Short-Term Lending Program (STLP) offers working capital financing in the form of lines of credit to finance accounts receivable for transportation-related contracts. The maximum line of credit is $750,000.
The STLP loan has a variable rate, which is connected to the prime rate. The current rate may be found on the OSDBU website http://osdbuweb.dot.gov or call 1-(800) 532-1169.
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/DOT/RITA/VNTSC/DTRT57-09-Q-80107/listing.html)
- Record
- SN01955345-W 20090917/090916001425-7d871307e6fd1cf35bbc15399111e6e0 (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)